[Secure-testing-commits] r55946 - data/CVE

Wed, 20 Sep 2017 14:16:55 -0700 

Author: jmm
Date: 2017-09-20 21:16:27 +0000 (Wed, 20 Sep 2017)
New Revision: 55946

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list       2017-09-20 21:10:14 UTC (rev 55945)
+++ data/CVE/list       2017-09-20 21:16:27 UTC (rev 55946)
@@ -1,7 +1,7 @@
 CVE-2017-14616 (An FBX-5312 issue was discovered in WatchGuard Fireware before 
12.0. If ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard Fireware
 CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 
12.0. ...)
-       TODO: check
+       NOT-FOR-US: WatchGuard Fireware
 CVE-2017-14614
        RESERVED
 CVE-2017-14613
@@ -23,7 +23,7 @@
 CVE-2017-14605
        RESERVED
 CVE-2015-9231 (iTerm2 3.x before 3.1.1 allows remote attackers to discover 
passwords ...)
-       TODO: check
+       NOT-FOR-US: iTerm2
 CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file 
type by ...)
        - nautilus 3.25.90-1 (bug #860268)
        NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
@@ -45,9 +45,9 @@
 CVE-2017-14597 (AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS 
via the ...)
        NOT-FOR-US: AfterLogic WebMail
 CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP 
authentication ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead 
to the ...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2017-14594
        RESERVED
 CVE-2017-14593
@@ -13755,7 +13755,7 @@
 CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was 
discovered ...)
        NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9649 (A Use of Hard-Coded Cryptographic Key issue was discovered in 
Mirion ...)
-       TODO: check
+       NOT-FOR-US: Mirion
 CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in 
Solar ...)
        NOT-FOR-US: Solar Controls WATTConfig M Software
 CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the 
Continental ...)
@@ -13763,7 +13763,7 @@
 CVE-2017-9646 (An Uncontrolled Search Path Element issue was discovered in 
Solar ...)
        NOT-FOR-US: Solar Controls Heating Control Downloader (HCDownloader)
 CVE-2017-9645 (An Inadequate Encryption Strength issue was discovered in 
Mirion ...)
-       TODO: check
+       NOT-FOR-US: Mirion
 CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in 
Automated ...)
        NOT-FOR-US: Automated Logic Corporation (ALC)
 CVE-2017-9643
@@ -13875,7 +13875,7 @@
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
        NOTE: 
https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
 CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 
1.4 might ...)
-       TODO: check
+       NOT-FOR-US: ARM Trusted Firmware
 CVE-2017-9606 (Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow 
local ...)
        NOT-FOR-US: Infotecs ViPNet Client and Coordinator
 CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as 
distributed in ...)
@@ -16591,11 +16591,11 @@
 CVE-2017-8773 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total 
Security ...)
        NOT-FOR-US: Quick Heal Internet Security
 CVE-2017-8772 (On BE126 WIFI repeater 1.0 devices, an attacker can log into 
telnet ...)
-       TODO: check
+       NOT-FOR-US: BE126 WIFI repeater
 CVE-2017-8771 (On BE126 WIFI repeater 1.0 devices, an attacker can log into 
telnet ...)
-       TODO: check
+       NOT-FOR-US: BE126 WIFI repeater
 CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 
...)
-       TODO: check
+       NOT-FOR-US: BE126 WIFI repeater
 CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger 2.17.146 for Android 
uses ...)
        NOT-FOR-US: WhatsApp Messenger
 CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command 
...)
@@ -18736,7 +18736,7 @@
 CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua 
...)
        NOT-FOR-US: Dahua
 CVE-2017-7924 (An Improper Input Validation issue was discovered in Rockwell 
...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2017-7923 (A Password in Configuration File issue was discovered in 
Hikvision ...)
        NOT-FOR-US: Hikvision
 CVE-2017-7922 (An Improper Privilege Management issue was discovered in 
Cambium ...)
@@ -72853,7 +72853,7 @@
        {DSA-3583-1}
        - swift-plugin-s3 1.9-1 (bug #822688)
 CVE-2014-9758 (Cross-site scripting (XSS) vulnerability in Magento E-Commerce 
...)
-       TODO: check
+       NOT-FOR-US: Magento
 CVE-2015-XXXX [uses non-random tempdir /tmp/tmprepo.0/.git/]
        - git-repair 1.20151215-1 (unimportant; bug #807341)
        NOTE: Non-exploitable on release archs due to kernel hardening
@@ -73626,7 +73626,7 @@
 CVE-2015-8225 (The Joint Photographic Experts Group Processing Unit (JPU) 
driver in ...)
        NOT-FOR-US: Huawei
 CVE-2015-8224 (Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, 
before ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and 
P7-L09C92B85, and ...)
        NOT-FOR-US: Huawei
 CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package 
before ...)
@@ -76319,7 +76319,7 @@
 CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and 
...)
        NOT-FOR-US: zTree
 CVE-2015-7347 (Cross-site scripting (XSS) vulnerability in ZCMS JavaServer 
Pages ...)
-       TODO: check
+       NOT-FOR-US: ZCMS
 CVE-2015-7346 (SQL injection vulnerability in ZCMS 1.1. ...)
        NOT-FOR-US: ZCMS
 CVE-2015-7345
@@ -80869,7 +80869,7 @@
 CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export 
plugin 1.1 ...)
        NOT-FOR-US: Image Export plugin for WordPress
 CVE-2015-5608 (Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. 
...)
-       TODO: check
+       NOT-FOR-US: Joomla!
 CVE-2015-5606
        RESERVED
 CVE-2015-5605 (The regular-expression implementation in Google V8, as used in 
Google ...)
@@ -85305,13 +85305,13 @@
 CVE-2015-4076
        RESERVED
 CVE-2015-4075 (The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote 
...)
-       TODO: check
+       NOT-FOR-US: Joomla! plugin
 CVE-2015-4074 (Directory traversal vulnerability in the Helpdesk Pro plugin 
before ...)
-       TODO: check
+       NOT-FOR-US: Joomla! plugin
 CVE-2015-4073 (Multiple SQL injection vulnerabilities in the Helpdesk Pro 
plugin ...)
-       TODO: check
+       NOT-FOR-US: Joomla! plugin
 CVE-2015-4072 (Multiple cross-site scripting (XSS) vulnerabilities in the 
Helpdesk ...)
-       TODO: check
+       NOT-FOR-US: Joomla! plugin
 CVE-2015-4071 (The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote 
...)
        NOT-FOR-US: Helpdesk Pro Plugin for Joomla!
 CVE-2015-4070 (Open redirect vulnerability in the proxyimages function in ...)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

Reply via email to